To prove the correctness of a program is to demonstrate, through
impeccable mathematical techniques, that it has no bugs; to test a
program is to run it with the expectation of discovering bugs. The two
techniques seem contradictory: if you have proved your program, it's
fruitless to comb it for bugs; and if you are testing it, that is
surely a sign that you have given up on any hope to prove its
correctness.

Accordingly, proofs and tests have, since the onset of software
engineering research, been pursued by distinct communities using
rather different techniques and tools.

And yet the development of both approaches leads to the discovery of
common issues and to the realization that each may need the other. The
emergence of model checking has been one of the first signs that
contradiction may yield to complementarity, but in the past few years
an increasing number of research efforts have encountered the need for
combining proofs and tests, dropping earlier dogmatic views of
incompatibility and taking instead the best of what each of these
software engineering domains has to offer.

The conference will include a mix of invited and submitted
presentation, and a generous allocation of panels and informal
discussions. All papers will be published in Springer's LNCS series.

Wednesday, 8 September 2010

I have been invited to serve on the Program Committee of ICTAC 2011 to be held in Johannesburg, South Africa from 31 August to 2 September
2011.
ICTAC 2011 is the 8th International Colloquium on Theoretical Aspects of Computing, the latest in a series founded by the International Institute for Software Technology of the United Nations University (UNU-IIST). ICTAC brings together practitioners and researchers
to present their research and to exchange ideas and experience
addressing challenges in both theoretical aspects of computing and in
the exploitation of theory through methods and tools for system development.

I have been invited to serve on the Program Committee of SEFM 2011, the 9th IEEE International Conference on Software Engineering and Formal Methods. SEFM 2011 will take place in Montevideo, Uruguay, end of November 2011.
The PC-chairs are Gilles Barthe and Gerardo Schneider.
The aim of the conference is to bring together practitioners and
researchers from academia, industry and government to advance the
state of the art in formal methods, to facilitate their uptake
in the software industry and to encourage their integration with practical
engineering methods.
Papers that combine formal methods and software engineering are
especially welcome.
I served as a PC-Cochair for SEFM 2005. For information on the past SEFM conferences visit the general SEFM webpage.

I have been invited to serve on the Program Committee of SCENARIOS 2011, the 1st international workshop on Scenario-Based Testing . SCENARIOS 2011 is a satellite worksop of ICST 2011 to be held in Berlin, Germany, March 2011.

Nowadays, more and more techniques rely on human intervention so as to ensure the applicability of testing approaches. Indeed, a trade-off has to be found between the relevance of the test cases (requiring strong human intervention) and automation. Scenario-Based Testing addresses this issue by looking for more automation, with human intervention restricted to insightful activities. Over the years, different scenario based testing techniques have been developed to assist the validation engineer, using textual scenarios such as regular expressions, graphical notations such as UML interaction diagrams or test purposes specified as transitions systems. All these techniques represent an efficient solution to the state space explosion problem by restricting the possible executions of the system to a limited, and hopefully more accurate, subset of admissible traces. In addition, they make it possible to capture the human expertise for testing specific situations that can not be targeted by a systematic model coverage approach.

This first edition of the workshop on Scenario-Based Testing aims at gathering ideas and techniques in the area of semi-automated testing. It is intended to assess the effectiveness of available techniques and promote original research ideas that can be concretized into an industrial context.

I have been invited to serve on the Program Committee of MBT 2011, the 7th Workshop on Model-Based Testing. MBT 2011 is a satellite worksop of ETAPS 2011 to be held in Saarbrücken, Germany.

The workshop is devoted to model-based testing of both software and hardware. Model-based testing is closely related to model-based specification. Models are used to describe the behavior of the system under consideration and to guide such efforts as test selection and test results evaluation. Both testing and verification are used to validate models against the requirements and check that the implementation conforms to the specification model.

Model-based testing has gained attention with the popularization of models in software/hardware design and development. Of particular importance are formal models with precise semantics, such as state-based formalisms. Testing with such models allows one to measure the degree of the product's conformance with the model.

Techniques to support model-based testing are drawn from diverse areas, like formal verification, model checking, control and data flow analysis, grammar analysis, and Markov decision processes.

The intent of this workshop is to bring together researchers and users of models for to discuss the state of the art in theory, applications, tools, and industrialization of model-based specification, testing and verification.

Original submissions are solicited from industry and academia. They are invited to present their work, plans, and views related to model-based testing. The topics of interest include but are not limited to:

Wednesday, 12 May 2010

Install the GCC compiler. This is done by installing Xcode, Apple's developer tool set, available for free after registration. It can be found at the Apple ADC.

Install the Apache FOP print formatter. This Java application is needed for building the documentation. This implies that you also need Java. The configuration routine checks for Java SDK 1.5. (or higher). I had Java SDK 1.6 installed.

Get the latest Erlang source, which in my case was a file named otp_src_R13B03.tar. Unarchive the file and follow the instructions:

Another Shanghai conference I have been invited to serve on the Program Committee: ICFEM 2010, the 12th International Conference on Formal Engineering Methods. ICFEM 2010 will take place in Shanghai, right after UTP 2010. Submission deadline for abstracts is 28th of May 2010.
The conference chair is my former colleague at UNU-IIST He Jifeng (East China Normal University, China), PC-cochairs are Jin Song Dong (National University of Singapore, Singapore) and Huibiao Zhu (East China Normal University, China).

ICFEM brings together those interested in the application of formal engineering methods to computer systems. Researchers and practitioners, from industry, academia, and government, are encouraged to attend, and to help advance the state of the art. We are interested in work that has been incorporated into real production systems, and in theoretical work that promises to bring practical, tangible benefit.

Submissions related to the following principal themes are encouraged,
but any topics relevant to the field of formal methods and
their support environments will also be considered:

Wednesday, 14 April 2010

I have been invited to serve on the Program Committee of UTP 2010, the 3rd International Symposium on Unifying Theories of Programming. UTP 2010 will take place in Shanghai. Submission deadline for abstracts is 4th of June 2010.
The PC-chair is Shengchao Qin, University of Durham, UK.

Based on the pioneering work on Unifying Theories of Programming by Tony Hoare, He Jifeng, and others, the aims of the UTP Symposium series are to continue to reaffirm the significance of the ongoing UTP project, to encourage efforts to advance it by providing a focus for the sharing of results by those already actively contributing, and to raise awareness of the benefits of such unifying theoretical frameworks among the wider computer science and software engineering communities.

Of particular interest is how unification may be used to meet the goals and difficulties to be encountered in the Grand Challenges of Computing, with particular reference to the UK's "GC6: Dependable Systems Evolution", its international cousin the "Verified Software Initiative", and their plan to develop a Verified Software Repository.
To this end the UTP2010 Symposium welcomes contributions on the above themes as well as others which can be related to them. Such additional themes include, but are not limited to, relational semantics, relational algebra, healthiness conditions, normal forms, linkage of theories, algebraic descriptions, incorporation of probabilistic programming, timed calculi and object-based descriptions, as well as alternative programming paradigms such as functional, logical, data-flow, and beyond. In all cases, the UTP approach should be compared and advantages/disadvantages discussed.

Wednesday, 3 March 2010

These are my project proposals for student projects in 2010. Most of the topics can be scaled to small student projects, bachelor thesis projects, master thesis projects and in some cases up to dissertation subjects. The projects are not isolated but
fit the current research agenda of my group. The students are supervised in weekly meetings.

MOMUTSIP - Model-based Mutation Testing of the SIP Protocol: Model-based Mutation Testing is a black-box testing technique, where mutation testing is applied on the modeling level. We have developed an automated test case generator based on this technique. The aim of this project is to evaluate the tool and technique for the Session Initiation Protocol used in Voice-Over-IP applications. This project is related to our FP7 MOGENTES project.

MOMUTCON - Model-based Mutation Testing of the Conference Protocol: Model-based Mutation Testing is a black-box testing technique, where mutation testing is applied on the modeling level. We have developed an automated test case generator based on this technique. The aim of this project is to evaluate the tool and technique for the Conference Protocol, a simple multicast chat box protocol. This project is related to our FP7 MOGENTES project.

MOMUTSUR - Model-based Mutation Testing Survey: Model-based Mutation Testing is a black-box testing technique, where mutation testing is applied on the modeling level. We have developed an automated test case generator based on this technique. The aim of this project is to research related work and write a survey on the topic. This includes the study of related literature as well as the evaluation of other existing tools. This project is related to our FP7 MOGENTES project.

SEMU - Semantic Mutations of UML State Chart Diagrams: Model-based Mutation Testing is a black-box testing technique, where mutation testing is applied on the modeling level. In model-based mutation testing a model is mutated by changing its syntax. The mutants represent bugs and test cases are generated to detect such bugs in an implementation. In this project we consider semantic mutations of models, i.e. what are the possible faulty interpretations of a given model. It is well-known that there are several possible interpretations of UML state charts. The student shall investigate the state of the art on this topic and describe the possible semantic variations. This semantic variations will be build into our UML-Action System translator for generating test cases. The idea is to generate test cases that will detect faulty behavior due to semantic misinterpretations. This project is related to our FP7 MOGENTES project.

COCA - Concolic Execution of Action Systems: Concolic stands for concrete and symbolic execution and is a technique for systematically exploring the paths of a program. Prominent tools that use this technique are jCute and PEX. The aim of this project is to develop a concolic executor for Action Systems. Action systems are a modeling framework well suited for modeling reactive systems, e.g. control logics of embedded systems. The student will study the problem and develop a prototype for a subset of the language. We currently use Action Systems as input to our model-based testing tools in the FP7 project MOGENTES.

SYMPRO - Symbolic Execution in Prolog: Symbolic execution is a technique we currently use for automated test case generation. In symbolic execution a program is executed with symbolic values. The result of such a symbolic execution is a formula describing all possible outputs dependent on the symbolic inputs. Prolog is well-suited to implement such a symbolic interpreter. The aim of this project is to use the professional prolog system Sicstus to develop a prototype symbolic interpreter for a small programming language. The idea is to exploit the Constraint Solvers of Sicstus Prolog in the style of constraint logic programming.

MUTO - Mutation Operators for Object-Oriented Action Systems: (in progress) Model-based Mutation Testing is a black-box testing technique, where mutation testing is applied on the modeling level. In model-based mutation testing a model is mutated by changing its syntax. The mutants represent bugs and test cases are generated to detect such bugs in an implementation. The mutants are generated by so called mutation operators. A mutation operator is a rule how a certain syntactic term, e.g. a programming statement, should be changed. This changes or mutations represent faults. The aim of this project is to define a set of mutation operators for our Object-Oriented Action System modeling language. Based on this, a tool shall be developed that takes a model and the set of mutation operators and produces a number of mutated versions of this model (mutants). We use such mutants as input for our test case generator.

MOMUTCAR - Model-based Mutation Testing of a Car Alarm System: (in progress) Model-based Mutation Testing is a black-box testing technique, where mutation testing is applied on the modeling level. We have developed an automated test case generator based on this technique. The aim of this project is to evaluate the tool and technique for an industrial case study of a car alarm system. This project is related to our FP7 MOGENTES project.

Tuesday, 19 January 2010

The International Winter School on Synthesis and Analysis of Component Connectors is taking place from 8 till the 12 of February 2010 at Park Inn Berlin-Alexanderplatz, Berlin, Germany. It is jointly organized by Coordination Languages Research Group (SEN3), Centrum Wiskunde & Informatica (CWI), the Netherlands and Faculty of Computer Science, TU Dresden, Germany.

I will give a two hours lecture on Model-based Mutation Testing: Foundations and Applications. This lecture gives an introduction to mutation testing on the modelling level.

The original idea of mutation testing on the source-code level goes back to the late 1970s and works as follows: The tester injects faults into a program under test, by deliberately changing its source code. This faulty versions of the program are called mutants. Then, test cases are executed on these mutants. If all the faults are detected, the set of test cases can be considered adequate. If the tests fail this quality assessment, then additional test cases should be designed until all faults are detected. The assumption is that other faults in the original program can be caught as well, if it is able to detect the injected faults. We show how this technique can be applied in model-based testing. The idea is to automatically generate test cases from mutated formal models. The test cases are designed to detect those bugs in a system under test that have been anticipated on the modelling level. In the course we will present (1) the general theory behind our technique, based on program semantics and refinement preorders, (2) map the theory to different modelling styles, including contracts and process algebras, and (3) discuss the model-based mutation testing of protocols and embedded systems.